Create and destroy session in laravel

-
Hi, I'm a completelly newbie in laravel and I used to code with native php, here still cant find an easy way to destroy user sessions. when a user logs out, they can still click the back button for the browser and puff.. they are back in. Another question will be how do I use sessions table provided by laravel? any ideas to help solve this issue will be much appreaciated.

To answer your first question :
You have three ways to destroy sessions
1)
Session::flush(); // removes all session data
2)
Session::forget('yourKeyGoesHere') // Removes a specific variable
3)
Auth::logout() // logs out the user
More reading here :
the built in Authentication features of laravel are really powerful.
Now to answer your second question :
you need to make a table first in your database like so :
php artisan session:table

composer dump-autoload

php artisan migrate
Then going to your
/app/config/session.php file you change the driver to
'driver' => 'database',
your table name should also match the table name you created in the migration above^^^^^
'table' => 'sessions',
More reading to be done here:
Good luck any questions let us know :)

Many thanks @RixhersAjazi,
The I can now work with sessions table, its perfect. I have tested all three ways to destroy sessions especially for logged in users, somehow they are working, and because I use Auth methods, the Auth::logout() is more preferable.
However, sessions are destroyed exept one problem, when a user clicks browser "Back" button, they can see all pages previously visited, but when they click any link that makes an application refresh, is when they are given the login page.
I guess I have some other problem different from session destroy.

Probably worth mentioning, when a user is logged in, a login token is generated and stored in the sessions, Laravel uses this token to know what user etc. When you use Auth::logout() you are only removing that token. So if you set any additional user variables in sessions they wont be removed.
So to be clear, the best way to log a user out I would say is:
Auth::logout();
Session::flush();
Also @laravelmaso I am assuming you are using an auth filter to check the user is logged in? Might be a caching problem...
Your browser cache is the cause for that one. I'm currently on my phone so when I get to my work bench I can give you some php header information for a quick and dirty fix. However, I have never experienced this with laravel. Make sure your Auth filter is correct. You shouldn't be able to see the the protected even if cache is there(I think) 95% sure of this.
Also as cgoosey1 stated you should log your users out like so:
Auth::logout()
Session::flush()
//then redirect to a certain route that holds your main page
Again just to reiterate you should not have to include the following below:
header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
header('Pragma: no-cache');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
it is a dirty work around in my opinion. I have never had the experience you are describing with a protected route.
Could you show your filter and route to us please?

Thanks both of you guys, I have tried both solutions but still having same problem. My routes are filtered like so; I have not included those headers.
Route::group(array('before' => 'auth'), function() { Route::get('logout', array('as'=>'logout','uses' => 'UsersController@doLogout')); Route::get('/','HomeController@index');
Route::get('users','UsersController@getUsers');
. . }
Ah, yes, the wonderful world of caching.
Before going any further, I would recommend reading this article on caching:
It covers much more ground than your specific problem with the browser, but it is all essential information that every web developer should know. The executive summary is that unless you are using SSL, browsers tend to cache as much as they can and it is really hard to stop them.
I have had some luck avoiding the problem on a site that doesn't use SSL by setting certain parameters in the response. The Laravel way to do this is:
    $response = Response::make( $view, 200 );
    $response->header( 'cache-control', 'no-store,no-cache,must-revalidate' );
    $response->header( 'pragma', 'no-cache' );
    $response->header( 'expires', '0' );
    return $response;
There are numerous answers on Stack Overflow about which combinations of headers work reliably on which browsers. YMMV.

Comments

Post a Comment

Popular posts from this blog

Bootstrap Tags Input

-
Query plugin providing a Twitter Bootstrap user interface for managing tags Code on Github   Bootstrap 2.3.2   Download Examples Markup Just add  data-role="tagsinput"  to your input field to automatically change it to a tags input field. Amsterdam   Washington   Sydney   Beijing   Cairo   Show code statement returns $("input").val() "Amsterdam,Washington,Sydney,Beijing,Cairo" $("input").tagsinput('items') [ "Amsterdam" ,"Washington","Sydney","Beijing","Cairo"] True multi value Use a  <select multiple />  as your input element for a tags input, to gain true multivalue support. Instead of a comma separated string, the values will be set in an array. Existing <option />  elements will automatically be set as tags. This makes it also possible to create tags containing a comma.                 Amsterdam      ...
Read more

Laravel 5.8 Files Folders Permissions and Ownership Setup

-
Introduction:  laravel storage permissions Hello, In this post I will teach you how you can deal with files and folder permissions and ownership when you are working in laravel project.  In the modern growing development environment, security is the most important factor for any application especially when you are deploying your project on the production server. Files and folders permissions are the main things for concerned. If you are not assigning proper files and folders permission then it's mean you are giving an invitation to attackers. In other words, your system is open for public and attackers without giving proper permissions. If you are in beginner and any phase of laravel and not familiar with laravel storage permission then this post gonna help you that how you can easily laravel storage permissions . Laravel Security Issues: I have seen several time people when deploying laravel project, the first error they get is laravel storage permissions...
Read more